From 7d13ec6274b71fa1359b1ef8ebb966498e5b2f45 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 23 Mar 2016 09:18:13 -0400
Subject: hide firejail run time information

---
 src/firejail/fs.c | 12 ++++++++++--
 todo | 20 ++++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 644255de5..a5edec714 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -710,10 +710,18 @@ static void disable_firejail_config(void) {
 if (stat(fname, &s) == 0)
 disable_file(BLACKLIST_FILE, fname);
 }
-
- free(fname);
+
+ // disable run time information
+ if (stat(RUN_FIREJAIL_NETWORK_DIR, &s) == 0)
+ disable_file(BLACKLIST_FILE, RUN_FIREJAIL_NETWORK_DIR);
+ if (stat(RUN_FIREJAIL_BANDWIDTH_DIR, &s) == 0)
+ disable_file(BLACKLIST_FILE, RUN_FIREJAIL_BANDWIDTH_DIR);
+ if (stat(RUN_FIREJAIL_NAME_DIR, &s) == 0)
+ disable_file(BLACKLIST_FILE, RUN_FIREJAIL_NAME_DIR);
+ if (stat(RUN_FIREJAIL_X11_DIR, &s) == 0)
+ disable_file(BLACKLIST_FILE, RUN_FIREJAIL_X11_DIR);
 }
diff --git a/todo b/todo
index b631e6a06..d47a47fd0 100644
--- a/todo
+++ b/todo
@@ -55,3 +55,23 @@ Warning: seccomp file not found
 Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.
 $ ls ~ <----------------- all files are available, the directory is not empty!
+10. Posibly capabilities broken for --join
+
+$ firejail --name=test
+...
+$ firejail --debug --join=test
+Switching to pid 18591, the first child process inside the sandbox
+User namespace detected: /proc/18591/uid_map, 1000, 1000
+Set caps filter 0
+Set protocol filter: unix,inet,inet6
+Read seccomp filter, size 792 bytes
+
+However, in the join sandbox we have:
+$ cat /proc/self/status | grep Cap
+CapInh: 0000000000000000
+CapPrm: 0000000000000000
+CapEff: 0000000000000000
+CapBnd: 0000003fffffffff
+CapAmb: 0000000000000000
+
+11. net_netfilter.exp broken
--
cgit v1.2.3-70-g09d2
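Review bot: The removed `free(fname);` directly above the new block is not reinstated anywhere in the hunk, so if `fname` still owns the buffer from the preceding `asprintf` at that point it is now never released; `disable_firejail_config` begins outside the hunk, so I cannot see whether the closed `if` block already freed it — if it did not, put `free(fname);` back ahead of `// disable run time information`. The four new stat/disable_file pairs are copy-pasted, and since the point of the change is to keep run-time state out of the sandbox's view, a hand-maintained list silently leaves any later-added `RUN_FIREJAIL_*_DIR` exposed; a small table plus a loop makes the omission harder to miss and gives one place to say why these paths are hidden (the `static` initializer assumes the macros expand to string literals, which their use as `stat()` arguments suggests — drop `static` otherwise). The `stat(...) == 0` guard also means a stat failure for any reason other than a missing directory leaves it unhidden; that mirrors the existing pattern above, but is worth a one-line comment if it is intentional.
```c
	// disable run time information: hide the firejail run-time directories
	// (network, bandwidth, name, X11) from the sandboxed process;
	// any new RUN_FIREJAIL_*_DIR must be added to this table
	static const char * const runtime_dirs[] = {
		RUN_FIREJAIL_NETWORK_DIR,
		RUN_FIREJAIL_BANDWIDTH_DIR,
		RUN_FIREJAIL_NAME_DIR,
		RUN_FIREJAIL_X11_DIR,
	};
	for (size_t i = 0; i < sizeof(runtime_dirs) / sizeof(runtime_dirs[0]); i++) {
		if (stat(runtime_dirs[i], &s) == 0)
			disable_file(BLACKLIST_FILE, runtime_dirs[i]);
	}
```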